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[Show legal status actions 

ie present invention provides systems and methods for secure 
transaction management and electronic rights protection. Electronic 
appliances such as computers equipped in accordance with the 
present invention help to ensure that information is accessed and 
used only in authorized ways, and maintain the integrity, availability 
and/or confidentiality of the information. Such electronic appliances' 
provide a distributed virtual distribution environment (VDE) that may 
enforce a secure chain of handling and control, for example, to 
control and/or meter or otherwise monitor use of electronically 
stored or disseminated information. Such a virtual distribution 
environment may be used to protect rights of various participants in 
electronic commerce and other electronic or electronic-facilitated 
transactions. Distributed and other operating systems, environments 
and architectures, such as, for example, those using tamper- 
resistant hardware-based processors, may establish security at 
each node. These techniques may be used to support an all- 
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Fischer 




Public key/signature 
cryptosvstem with 
enhanced digital signature 




certification 


US5216603 


6/1993 


Flores et al. 


Action 
Technologies, Inc. 


Method and apparatus for 
structuring and manaoinq 
human communications by 
explicitly aenning tne types 




of communications 
permitted between 
participants 


US5221833 


6/1993 


Hecht 


Xerox Corporation 


ivietnoos ano means tor 
reducing bit error rates in 




reading self-clocking qlyph 
codes 


US5222134 


6/1993 


Waite et al. 


Tau Systems 
Corporation 


Secure system for 
activating personal 




computer software at 
remote locations 


US5224160 


6/1993 


Paulini et al. 


Siemens Nixdorf 
Informationssysteme 
AG 


Process for securinq and 
for checking the integrity of 




the secured programs 


US5224163 


6/1993 


Gasser et al. 


Digital Equipment 
Corporation 


Method for delegating 
authorization from one 
entity to another throuqh 




the use of session 
encryption keys 








Digital Equipment 


Access control subsystem 
and method for distributed 
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8/1993 



Wobber et al. 



Digital Equipment 
Corporation 



computer system using 



locally cached 



authentication credentials 
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9/1993 



Zhang 



Xerox Corporation 



Self-clockinQ glyph code 



for encoding dual bit di g ital 



values robustly 



Information distribution" 
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9/1993 



Sprague et al. 



system 



US5260999 



11/1993 



Wyman 



Digital Equipment 
Corporation 



Filters in license 



mana g ement system 



Method and system for 
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11 /1993 



Janis 



International 
Business Machines 
Corporation 
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user access control in a 
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backup/restore and 
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Matyas et al. 



International 
Business Machines 
Corporation 



cryptosystem 

Data enclave and trusted 
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Secure Computing 
Corporation 



path system 
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digital packets in a 
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1 /1994 



Mary 



Matra 
Communication 
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2/1994 



Sprecher et 
al. 



PacTel Corporation 



Network management 



International 
Business Machines 
Corporation 



system 



US5301231 



4/1994 



Abraham 



User defined function 



facility 



US5311591 



5/1994 



Fischer 



Com put er system security 
method and apparatus for 
creating and using 
progr am authorization 
information data structures 



Method and system for 
multimedia access control 
enablement 



US5319705 



6/1994 



Halter et al. 



International 
Business Machines 
Corporation 



Method and apparatus for 
creatin g, supporting, and 
using travelling programs 



US5337360 
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Transformation of 
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TestDrive 
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Hybrid encryption method 



US5343527 



8/1994 
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and system for protecting 
reusable software 
components 
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9/1994 



Blandford 



Personal computer diar y 
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US5351293 
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Michener et 
al. 



Wave Systems 
Corp. 



apparatus for 
authenticating an 
encr y pted si gnal 



System for multilevel 
secure database 
mana g ement usin g a 
knowled g e base with 
release-based and other 
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security constraints for 
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Method of extending the 
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validity of a cryptographic 
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US5373561 


12/1994 


Haber et al. 


Communications 
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validity of a cryptographic 




certificate 
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2/1995 


Fischer 




Method and apparatus for 
creatine, supporting, and 




using travelling programs 


US5390330 


2/1995 


Talati 




Control svstem and 
of software application 




information models without 
code generation 


US5392220 


2/1995 


van den 

1—1 amor of dl 


U.S. Philips 
worporaiion 


Method and system for 




organizing data 


US5392390 


2/1995 


Crozier 


IntelliLink Corp. 


Method for mapping, 
translating, and 
dynamically reconciling 




uaia uciwccii uio|Jciiaic 

computer platforms 


US5394469 


2/1995 


Nagel et al. 


uiiuoaie oysiems, 
Inc. 


Method and apparatus for 

rptriPY/inn capmto 
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information from mass 




storage media 


US54 10598 


4/1995 


Shear 


Electronic 
Publishing 
r\@sources, inc. 


Database usage metering 
and protection system and 




method 
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Computer svstem security 
method and apparatus 
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lldviliy pluyiGllI 




authorization information 
data structures 


US5421006 


5/1995 


Jablon 


Compaq Computer 
Corp. 


Method and apparatus for 
assessing integrity of 




computer svstem software 




6/1995 


Fischer 




Personal date/time notary 




device 


US5428606 


6/1995 


Moskowitz 
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commodities exchange 


US5438508 


8/1995 


Wyman 


Digital Equipment 
corporation 


License document 
interchange format for 
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system 


US5442645 
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Bull CP8 


Method for checking the 
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data and aDDaratus for 
implementing this method 




8/1995 


Daniele 


Xerox Corporation 


Electronic copyright royalty 
aucuunimg system using 




alvDhs 


US5449895 


9/1995 


Hecht et al. 


Xerox Corporation 


Explicit synchronization for 




self-clocking glyph codes 


US5449896 


9/1995 


Hecht et al. 


Xerox Corporation 


Random access 
techniques for use with 




self-clocking glvph codes 


Uo04oU4yo 


9 /1 995 


Maner 


AT&T Corp. 


Secure communication 




method and apparatus 


Uo040oDU1 


9 /1 995 


Rosen 


Citibank, N.A. 


Electronic-monetarv 




system 


US5453605 


9/1995 


Hecht et al. 


Xerox Corporation 


Global addressability for 




self-clocking glyph codes 


US5455407 


10/1995 


Rosen 


Citibank, N.A. 


Electronic-monetarv 




system 


US5455861 


10/1995 
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AT&T Corp. 


Secure 
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US5455861 
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Faucher et al. 


AT&T Corp. 


telecommunications 




10/1995 


Russell 


Wang Laboratories, 
Inc. 


Authorization svstem for 
obtaininn in sinale steD 

W ICI II 1 II IKj III Oil IUIC o lop 

both identification and 
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server directly from 
encrvDted authorization 
ticket 


US5457746 


10/1995 


Dolphin 


Spyrus, Inc. 


Svstem and method for 
access control for Dortable 




data storage media 


US5463565 


10/1995 


Cookson et al. 


Time Warner 
Entertainment Co., 
LP. 


Data block format for 
software carrier and plaver 




therefor 


US5473687 


12/1995 


Lipscomb et 
al. 


Infosafe Systems, 
Inc. 


Method for retrievinq 
secure information from a 






Uoo4 73692 


12/1995 


Davis 


Intel Corporation 


Roving software license for 




a hardware agent 


US5479509 


12/1995 


Ugon 


Bull CP8 


Method for signature of an 
information processing file, 
and apparatus for 




implementing it 


US5485622 


1 /1996 


Yamaki 


Kabushiki Kaisha 
Toshiba 


Password processing 




svstem for computer 


US5491800 


2/1996 


Goldsmith et 
al. 


Taligent, Inc. 


UDiect-orientea remote 
procedure call networking 




svstem 


US5497479 


3/1996 


Hornbuckle 


SofTel, Inc. 


Method and apparatus for 
remotely controlling and 
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computer software 


US5497491 


3/1996 


Mitchell et al. 


International 
Business Machines 
Corporation 


System and method for 

imnnrtinn anri PYnnrtirin 
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data between an object 
oriented computing 




environment and an 
external computing 
environment 
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US5499298 


3 /1996 


Narasimhalu 
et al. 


National University 
of Singapore 


Controlled dissemination of 




digital information 


US5504757 


4/1996 


Cook et al. 


International 
Business Machines 
Corporation 


Method for selecting 
transmission speeds for 
transmitting data packets 




over a serial bus 


US5504818 


4/1996 


Okano 




Information processing 
system using error- 
correcting codes and 




cryptography 


US5504837 


4/1996 


Griffeth et al. 


Bell 

Communications 
Research, Inc. 


Method for resolving 
conflicts among distributed 
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generation of counter 
proposals bv transversing 




a goal hierarchy with 
acceptable, unacceptable, 
and indeterminate nodes 


US5508913 


4/1996 
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al. 


Fujitsu Limited 


Electronic automatic offer 
matching svstem for 
freezer exchange 




transactions among banks 










Method for encouraging 
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US5509070 


4/1996 


Schull 


Inc. 


ourchase of executable 
and non-executable 




software 


US5513261 


4/1996 


Maher 


AT&T Corp. 


Kev manaaement scheme 
for use with electronic 




cards 


US5530235 


6/1996 


Stefik et al. 


Xerox Corporation 


Interactive contents 




revealing storage device 


US5530752 


6/1996 


Rubin 


Convex Computer 
Corporation 


Systems and methods tor 
protecting software from 
unlicensed copyina and 




use 


US5533123 


7/1996 


Force et al. 


National 
Semiconductor 
v^orporauon 


Proarammable distributed 




personal securitv 


US5534975 


7/1996 


Stefik et al. 


Xerox Corporation 


Document processinq 
svstem utilizina document 
service cards to Drovide 




document processina 
services 


US5537526 


7/1996 


Anderson et 
al. 


Taugent, Inc. 


Memoa ana apparatus ror 
Drocessina a disolav 
document utilizing a 




svstem level document 
framework 


US5539735 


7/1996 


Moskowitz 




Digital information 




commodities exchanae 


US5539828 


7/1996 


Davis 


Intel Corporation 


Apparatus and method for 
providing secured 




cornrnunicaiions 


US5550971 




Brunner pt al 


U S West 
Technologies, Inc. 


Method and svstem for 
generating; a user interface 
adantabte to various 




database management 
systems 


US5553282 


9/1996 


Parrish et al. 


Taligent, Inc. 


Software project history 
database and method of 




operation 


US5557518 


9/1996 


Rosen 


Citibank, N.A. 


Trusted agents for open 




electronic commerce 




10/1996 


Cooper et al. 


International 
Business Machines 
Corporation 


Method and apparatus for 
enabling trial period use of 
software products: method 
and apparatus for oassinq 




encrypted files between 
data processing systems 


US5568552 


10/1996 


Davis 


Intel Corporation 


Method for providing a 
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Ol lUi to 


oyoase, inc. 


Secure multi-level system 




procedures 
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1 /1997 


Nagel et al. 
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Inc. 


Method and apparatus for 
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information from a secure 




information source 
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2/1997 


Houser et al. 
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Electronic document 
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method 
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method 
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5/1997 


Stefik et al. 


Xerox Corporation 


System for controllina the 
distribution and use of 




digital works 


US5633932 


5/1997 


Davis et al. 


Intel Corporation 


Apparatus and method for 
preventing disclosure 
throuah user- 




authentication at a printing 
node 


US5634012 


5/1997 


Stefik et al. 


Xerox Corporation 


System for controllina the 
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digital works having a fee 




reporting mechanism 


US5636292 


6/1997 


Rhoads 


Digimarc 
Corporation 


Steganographv methods 
employing embedded 
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6/1997 


Stefik et al. 


Xerox Corporation 
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distribution and use of 




composite digital works 
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b /1997 


ocott et ai. 


Object Technology 
Licensing Corp. 


Svstem and method of 
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document proxies 
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6/1997 
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Network Programs, 
inc. 
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coorainaiion, projection, 
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8/1997 


Jones et al. 


Microsoft 
Corporation 


ivieinoa ana system ror 
authenticating access to 
heterogeneous computing 




services 
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11 /1997 


Moskowitz et 
ai. 


The Dice Company 


Steganographic method 




and device 


US5689587 


11 /1997 


Bender et al. 


Massachusetts 
Institute of 
Technology 


Method and apparatus for 




data hiding in images 


US5692180 


11 /1997 


Lee 


International 
Business Machines 
Corporation 


Object-oriented cell 
directory database for a 
distributed computing 
environment 


US57 10834 


1 /1998 


Rhoads 


Digimarc 
Corporation 


Method and apparatus 
responsive to a code 
signal conveyed through a 




graphic image 


US5740549 


4/1998 


Reilly et al. 


PointCast, Inc. 
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distribution system and 




method 


US5745604 


4/1998 


Rhoads 


Digimarc 
Corporation 


Identification/authentication 
system using robust, 




distributed coding 


US5748763 


5/1998 


Rhoads 


Digimarc 
Corporation 


Image steganographv 
system featuring 
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globally scalable signal 
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providing dynamic 
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System and method for 
protecting use of 
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executable modules 
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5/1998 
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Inc. 
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manipulation of data 




structures 
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1 /1998 


Erickson 
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Svstem and method for 
managing copyrighted 
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6/1998 


Rhoads 


Digimarc 
Corporation 


Graphics processing 
system employing 
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CLAIMS: We claim: 
[Hide claims] : 1 . A method of operating on a first secure container arrangement 
having a first set of controls associated therewith, said first secure 
container arrangement at least in part comprising a first protected 
content file, said method comprising the following steps performed 
within a virtual distribution environment including at least one 
electronic appliance: 

• using at least one control associated with said first secure 
container arrangement for governing, at least in part, at least 
one aspect of use of said first protected content file while said 
first protected content file is contained in said first secure 
container arrangement; 

• creating a second secure container arrangement having a 
second set of controls associated therewith, said second set 
of controls governing, at least in part, at least one aspect of 
use of any protected content file contained within said second 
secure container arrangement; 

• transferring at least a portion of said first protected content 
file to said second secure container arrangement, said 
portion made up of at least some of said first protected 
content file; and 

• using at least one rule to govern at least one aspect of use of 
said first protected content file portion while said portion is 
contained within said second secure container arrangement; 

• in which 

• said first secure container arrangement comprises a third 
secure container arrangement comprising a third set of 
controls and said first protected content file, and 

• said first secure container arrangement further comprises a 
fourth secure container arrangement comprising a fourth set 
of controls and a second protected content file. 

2. A method as in clarimj. in which said step of creating a second 
secure container arrangement is governed, at least in part, by a first 
subset of controls contained within said first set of controls. 

3. A method as in claim 1 in which said step of creating a second 
secure container arrangement includes a step of creating said 
second set of controls by copying said third set of controls. 
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4. A method as in claim 2 in which said step of creating a second 
secure container arrangement is governed in part by controls 
contained within said third set of controls. 

5. A method as in claim 4 in which said second set of controls 
comprises controls copied from said first set of controls and controls 
copied from said third set of controls. 

6. A method as in c laim 5 in which said second set of controls 
further comprises controls riot copied from either said first set of 
controls or said third set of controls. 

7. A method as in claim 4 in which said step of creating a second 
secure container arrangement is governed in part by controls not 
contained within said first set of controls or said third set of controls. 

8. A method of operating on a first secure container arrangement 
having a first set of controls associated therewith, said first secure 
container arrangement at least in part comprising a first protected 
content file, said method comprising the following steps performed 
within a virtual distribution environment including at least one 
electronic appliance: 

• using at least one control associated with said first secure 
container arrangement for governing, at least in part, at least 
one aspect of use of said first protected content file while said 
first protected content file is contained in said first secure 
container arrangement; 

• creating a second secure container arrangement having a 
second set of controls associated therewith said second set 
of controls governing, at least in part, at least one aspect of 
use of any protected content file contained within said second 
secure container arrangement; 

• transferring at least a portion of said first protected content 
file to said second secure container arrangement said portion 
made up of at least some of said first protected content file; 
and 

• using at least one rule to govern at least one aspect of use of 
said first protected content file portion while said portion is 
contained within said second secure container arrangement, 

• in which said step of creating said second secure container 
arrangement occurs at a first site, and said step of 
transferring further comprises said second secure container 
arrangement being transferred to a second site distinct from 
said first site; and 

• in which said first site is associated with a content distributor; 

• said second site is associated with a user of content; and 

• said user directly or indirectly initiating communication with 
said first site; 

• in which said step of said user directly or indirectly initiating 
communication with said first site includes a step of 
transmitting a third secure container arrangement to said first 
site, said third secure container arrangement comprising a 
third set of controls. 

9. A method as in claim 8 in which said third set of controls 
comprises at least a REGISTER control. 

1 0. A method as in cla|m 8 in which said third set of controls 
comprises at least a WANT control. 

1 1 . A method as in claim 8 in which said third set of controls 
comprises controls specifying content desired by said user and 
terms under which said user is willing to obtain said content. 

12. A method as in clalm j l in which said step of creating said 
second secure container arrangement is governed, at least in part, 
by controls from said first set of controls, and controls from said third 
set of controls. 

13. A method as in claim 12 in which said second set of controls 
comprises controls created through an interaction between said first 
set of controls and said third set of controls. 
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14. A method as in claim 12 in which said second set of controls 
comprises controls copied from said first set of controls and controls 
copied from said third set of controls. 

1 5. A method as in claim 13 in which said second set of controls 
comprises at least some controls not found in said first set of 
controls and said third set of controls. 

16. A method as in cl aim 13 in which said second set of controls 
includes controls governing the use by said user of said first 
protected content file portion. 

17. A method as in claim 16 in which said second set of controls 
includes controls governing the price to be paid by said user for use 
of said first protected content file portion. 

18. A method as in claim 16 in which said second set of controls 
includes controls governing the auditing method to be used in 
connection with use by said user of said first protected content file 
portion. 

19. A method as in claim 16 in which said second set of controls 
includes controls specifying the clearinghouse to be used for 
payment by said user for use of said first protected content file 
portion. 

20. A method as in cl aim 16 in which said second set of controls 
includes controls specifying information to be provided by said user 
in return for use of said first protected content file portion. 

21 . A method of operating on a first secure container 
arrangement having a first set of controls associated therewith, said 
first secure container arrangement at least in part comprising a first 
protected content file, said method comprising the following steps 
performed within a virtual distribution environment including at least 
one electronic appliance: 

• using at least one control associated with said first secure 
container arrangement for governing, at least in part, at least 
one aspect of use of said first protected content file while said 
first protected content file is contained in said first secure 
container arrangement; 

• creating a second secure container arrangement having a 
second set of controls associated therewith, said second set 
of controls governing, at least in part, at least one aspect of 
use of any protected content file contained within said second 
secure container arrangement; 

• transferring at least a portion of said first protected content 
file to said second secure container arrangement, said 
portion made up of at least some of said first protected 
content file; and 

• using at least one rule to govern at least one aspect of use of 
said first protected content file portion while said portion is 
contained within said second secure container arrangement, 

• in which said step of creating said second secure container 
arrangement occurs at a first site, and said step of 
transferring further comprises said second secure container 
arrangement being transferred to a second site distinct from 
said first site; and 

• in which said first site is associated with a content distributor; 

• said second site is associated with a user of content; and 

• said user directly or indirectly initiating communication with 
said first site; 

• further comprising 

o establishing a level of compensation required for said 
transferring step, and 

o calling a budget method to establish whether one or 
more budgets associated with said user are sufficient 
to satisfy said required compensation. 

22. A method as in cl aim 21 further comprising 
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• failing to perform to said step of transferring if said budget 
method establishes that said one or more budgets associated 
with said user are not sufficient to satisfy said required 
compensation. 

23. A method as in cla.im21. in which said budget method is 
governed by controls contained in said first set of controls. 

24. A method as in claim 21 in which said budget method is 
governed by controls contained in said third set of controls. 

25. A method as in clajm23 in which said budget method is also 
governed by controls contained in said third set of controls. 

26. A method of operating on a first secure container 
arrangement having a first set of controls associated therewith, said 
first secure container arrangement at least in part comprising a first 
protected content file, said method comprising the following steps 
performed within a virtual distribution environment including at least 
one electronic appliance: 

• using at least one control associated with said first secure 
container arrangement for governing, at least in part, at least 
one aspect of use of said first protected content file while said 
first protected content file is contained in said first secure 
container arrangement; 

• creating a second secure container arrangement having a 
second set of controls associated therewith, said second set 
of controls governing, at least in part, at least one aspect of 
use of any protected content file contained within said second 
secure container arrangement; 

• transferring at least a portion of said first protected content 
file to said second secure container arrangement, said 
portion made up of at least some of said first protected 
content file; and 

• using at least one rule to govern at least one aspect of use of 
said first protected content file portion while said portion is 
contained within said second secure container arrangement; 

• in which said steps of transferring at least a portion of said 
first protected content file and creating said second secure 
container arrangement are governed at least in part by the 
same control or set of controls, 

• in which said first set of controls includes controls which 
determine, at least in part, the permitted uses of said first 
protected content file while said first protected content file is 
contained within said first secure container arrangement 

• in which said second set of controls includes controls which 
determine, at least in part, the permitted uses of said 
transferred portion of said first protected content file while 
said transferred portion of said first protected content file is 
contained within said second secure container arrangement 

• in which said first set of controls includes at least a second 
subset of controls which determine, at least in part, the 
controls contained in said second set of controls; and 

• in which said first secure container arrangement further 
comprises a third secure container arrangement. 

27. A method as in claim 5 in which said creation of said second 
secure container arrangement further comprises using a template 
which specifies one or more of the controls contained in said second 
set of controls. 

28. A method as in claim 6 in which said creation of said second 
secure container arrangement further comprises using a template 
which specifies one or more attributes of said second secure 
container arrangement. 

29. A method as in claim 7 in which said creation of said second 
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secure container arrangement further comprises using a template 
which specifies one or more of the controls contained in said second 
set of controls. 

30. An electronic appliance comprising: 

• a memory storing a first secure container comprising a first 
set of rules and a first protected file; 

• a secure processing unit comprising: 

o a container creator that creates a second secure 
container comprising a second set of rules; 

o an extractor that extracts at least a first portion of said 
first protected file from said first secure container; 

o a file transfer arrangement that transfers said first 
portion of said first protected file from said first secure 
container to said second secure container,., said file 
transfer arrangement operating under the control of 
said first set of rules; and 

o a control element that uses said second set of rules to 
govern at least one operation involving said first 
portion of said first protected file while said first portion 
is contained in said second secure container; 

• in which said container creator comprises: 

o means for copying at least one rule from said first set 
of rules; and 

o means for incorporating said at least one rule in said 
second set of rules, 

• further comprising means by which at least one rule from said 
first set of rules governs said container creator, 

• wherein said memory also stores a third secure container 
comprising a third set of rules, said first secure container 
being stored within said third secure container. 

31 . An electronic appliance as in claim 30 further comprising 
means by which at least one rule from said third set of rules governs 
said container creator. 

32. An electronic appliance as in claim 31 further comprising 
means by which at least one rule from said third set of rules is 
incorporated in said second set of rules. 

33. A data processing arrangement comprising at least one 
storing arrangement that at least temporarily stores a first secure 
container comprising first protected data and a first set of rules 
governing use of said first protected data, and at least temporarily 
stores a second secure container comprising second protected data 
different from said first protected data and a second set of rules 
governing use of said second protected data; and 

• a data transfer arrangement, coupled to at least one storing 
arrangement, for transferring at least a portion of said first 
protected data and a third set of rules governing use of said 
portion of said first protected data to said second secure 
container, 

• further comprising 

o means for creating and storing, in said at least one 
storing arrangement, a third secure container; 

o said data transfer arrangement further comprising 
means for transferring said portion of said first 
protected data and said third set of rules to said third 
secure container, and means for incorporating said 
third secure container within said second secure 
container. 

34. A data processing arrangement as in claim 33 further 
comprising means for applying said third set of rules to govern at 
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least one aspect of use of said portion of said first protected data. 

35. A data processing arrangement as in claim 34 further 
comprising means for applying said second set of rules to govern at 
least one aspect of use of said portion of said first protected data. 

36. A method comprising the following steps: 

• generating a first secure container comprising a first set of 
rules and a first protected file; 

• generating a second secure container comprising a second 
set of rules and a second protected file; 

• transferring a first portion of said first protected file to said 
second secure container, said transferring step governed by 
said first set of rules and comprising: 

o copying said first portion, 
o creating a third set of rules, and 
o storing said copied first portion and said third set of 
rules in said second secure container, and 

• further comprising: 

o storing said first secure container in a memory located 
at a first site, and storing said second secure container 
in a memory located at a second site remote from said 
first site; and 

• wherein said transferring step further comprises: 

o creating a third secure container comprising a fourth 
set of rules, 

o storing said third secure container at said second site, 
o communicating said third secure container from said 

second site to said first site, 
o storing said third secure container at said first site, 
o transferring said copied first portion of said first 

protected file from said first secure container to said 

third secure container, 
o transferring said third set of rules to said third secure 

container, and 
o communicating said third secure container containing 

said first portion of said first protected file and said 

third set of rules from said first site to said second site. 

37. A method as in claim 36 in which said step of storing said 
copied first portion and said third set of rules in said second secure 
container further comprises storing said third secure container in 
said second secure container. 

38. A method as in clai m 36 in which said step of storing said 
copied first portion and said third set of rules in said second secure 
container further comprises: 

• removing said copied first portion from said third secure 
container and transferring said copied first portion to said 
second secure container; and 

• removing said third set of rules from said third secure 
container and transferring said third set of rules to said 
second secure container. 

39. A method as in claim 38 in which said step of transferring said 
third set of rules to said second secure container further comprises 
creating a fourth set of rules. 

40. A method as in cl aim 39 further comprising use of said fourth 
set of rules to govern at least one aspect of use of said copied first 
portion. 

41 . A method comprising performing the following steps within a 
virtual distribution environment comprising one or more electronic 
appliances and a first secure container, said first secure container 
comprising (a) a first control set, and (b) a second secure container 
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comprising a second control set and first protected information: 

• using at least one control from said first control set or said 
second control set to govern at least one aspect of use of 
said first protected information while said first protected 
information is contained within said first secure container; 

• creating a third secure container comprising a third control 
set for governing at least one aspect of use of protected 
information contained within said third secure container; 

• incorporating a first portion of said first protected information 
in said third secure container, said first portion made up of 
some or all of said first protected information; and 

• using at least one control to govern at least one aspect of use 
of said first portion of said first protected information while 
said first portion is contained within said third secure 
container. 

42. A method as in claim 41 , in which said first secure container 
further includes a fourth secure container comprising a fourth control 
set and second protected information and further comprising the 
following step: 

• using at least one control from said first control set or said 
fourth control set to govern at least one aspect of use of said 
second protected information while said second protected 
information is contained within said first secure container. 

43. A method as in claim 41, in which said step of creating a third 
secure container includes: 

• creating said third control set by incorporating at least one 
control from said first control set. 

44. A method as in claim 43 , in which said step of incorporating at 
least one control from said first control set is accomplished in a 
secure manner. 

45. A method as in cla im 41 . in which said step of creating a third 
secure container includes: 

• creating said third control set by incorporating at least one 
control from said second control set. 

46. A method as in claim 45 . in which said step of incorporating at 
least one control from said second control set is accomplished in a 
secure manner. 

47. A method as in claim 41, in which said step of creating a third 
secure container includes: 

• creating said third control set by incorporating at least one 
control not found in said first control set or said second 
control set. 

48. A method as in cl aim 47 in which said step of incorporating at 
least one control not found in said first control set or said second 
control set is accomplished in a secure manner. 

49. A method as in claim 41 , in which said step of creating a third 
secure container is governed at least in part by at least one control 
contained within said first control set. 

50. A method as in claim 41 , in which said step of creating a third 
secure container is governed at least in part by at least one control 
contained within said second control set. 

51 . A method as in claim 41 in which said step of creating a third 
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secure container is governed at least in part by at least one control 
not contained within said first control set or said second control set. 

52. A method as in claim 41 in which said step of creating a third 
secure container occurs at a first site, and further comprising: 

• copying or transferring said third secure container from said 
first site to a second site located remotely from said first site. 

53. A method as in claim 52 in which said first site is associated 
with a content distributor. 

54. A method as in claim 53 in which said second site is 
associated with a user of content. 

55. A method as in claim 54 further comprising the following step: 

• said user directly or indirectly initiating communication with 
said first site. 



56. A method as in claim 55 in which said step of said user 
directly or indirectly initiating communication with said first site 
includes 

• transmitting a fourth secure container to said first site, said 
fourth secure container comprising a fourth control set. 

57. A method as in claim 56 in which said fourth control set 
includes at least a REGISTER control. 

58. A method as in claim 56 in which said fourth control set 
includes at least a WANT control. 

59. A method as in claim 56 in which said fourth control set 
includes one or more controls specifying content desired by said 
user and terms under which said user is willing to obtain said 
content. 

60. A method as in cla|m 56 in which said step of creating said 
third secure container is governed, at least in part, by at least one 
control from said fourth control set. 

61 . A method as in claim 56 in which said third control set 
— includes one or more controls created at least in part through an 

interaction among said first control set, said second control set and 
said fourth control set. 

62. A method as in claim 56 in which said third control set 
includes at least one controi incorporated from said first control set, 
one control incorporated from said second control set and one 
control incorporated from said fourth control set. 

63. A method as in claim 56 in which said third control set 
includes at least one control not found in said first control set, said 
second control set or said fourth control set. 

64. A method as in claim 54 in which said third control set 
includes one or more controls at least in part governing the use by 
said user of at least a portion of said first portion of said first 
protected information. 

65. A method as in claim 64 in which said third control set 
includes one or more controls at least in part governing the price to 
be paid by said user for use of at least a portion of said first portion 
of said first protected information. 

66. A method as in claim 64 in which said third control set 
includes one or more controls at least in part governing or specifying 
an auditing method to be used in connection with use by said user 
of at least a portion of said first portion of said first protected 
information. 

67. A method as in claim 66 wherein at least some auditing 
performed in accordance "with said auditing method is performed at 
said second site. 

68. A method as in claim 66 in which said third control set 
includes one or more controls at least in part specifying one or more 
allowed clearinghouses to receive payment information from said 
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user for use of at least a portion of said first portion of said first 
protected information. 

69. A method as in claim 66 in which said third control set 
includes one or more controls at least in part specifying information 
to be provided by said user in return for use of at least a portion of 
said first portion of said first protected information. 

70. A method as in claim 69 further comprising the step of: 

• encrypting at least a portion of said information to be 
provided by said user. 

71 . A method as in claim 52 further comprising 

• establishing a level of compensation required for at least one 
of (a) said copying or transferring step, or (b) at least one 
aspect of use at said second site of at least a portion of said 
first portion of said first protected information, and 

• calling a budget method to establish whether one or more 
budgets associated with said user are sufficient to satisfy 
said required compensation. 

72. A method as in claim 71 further comprising 

• blocking said copying or transferring step and/or said at least 
one aspect of use if said budget method establishes that said 
one or more budgets associated with said user are not 
sufficient to satisfy said required compensation. 

73. A method as in claim 71 in which said budget method is 
governed at least in part by one or more controls contained in said 
first control set. 

74. A method as in claim 71 in which said budget method is 
governed at least in part by one or more controls contained in said 
second control set. 

75. A method as in claim 74 in which said budget method is also 
governed at least in part by one or more controls contained in said 
first control set. 

76. A method as in claim 41 in which said creation of said third 
secure container further comprises using a template which specifies 
one or more of the controls contained in said third control set. 

77. A method as in claim 49 in which said creation of said third 
secure container further comprises using a template which specifies 
one or more attributes of said third secure container. 

78. A method as in claim 52 in which said creation of said third 
secure container further comprises using a template which specifies 
one or more of the controls contained in said third control set. 

79. An electronic appliance comprising: 

• a memory storing: 

• a first secure container comprising a first rule set and first 
protected information, and 

• a second secure container comprising a second rule set, said 
first secure container being stored within said second secure 
container; 

• a secure processing unit comprising: 

o means for creating a third secure container comprising 
a third rule set, said means further comprising: 

■ means for copying and/or removing at least one 
rule from said first rule set or said second rule 
set; and 

■ means for incorporating said at least one rule in 
said third rule set; 

• means by which at least one rule from said first rule set or 
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said second rule set governs, at least in part, said means for 
creating a third secure container; 

• means for extracting at least a first portion of said first 
protected information from said first secure container; and 

• means for copying or transferring said first portion of said first 
protected information from said first secure container to said 
third secure container; 

• said means for copying or transferring operating at least in 
part under the control of said first rule set and/or said second 
rule set. 

80. An electronic appliance as in claim 79 further comprising 
means by which at least one rule from said first or second rule set is 
incorporated in said third rule set. 

81 . A data processing arrangement comprising: 

• a first secure container comprising first protected information 
and a first rule set governing use of said first protected 
information; 

• a second secure container comprising a second rule set; 

• means for creating and storing a third secure container; and 

• means for copying or transferring at least a portion of said 
first protected information and a third rule set governing use 
of said portion of said first protected information to said 
second secure container, said means for copying or 
transferring comprising: 

o means for incorporating said third secure container 
within said second secure container. 

82. A data processing arrangement as in c l aim 8 1 further 
comprising: 

• means for applying at least one rule from said third rule set to 
at least in part govern at least one factor related to use of 
said portion of said first protected information. 

83. A data processing arrangement as in claim 82 further 
comprising: 

• means for applying at least one rule from said second rule set 
to at least in part govern at least one factor related to use of 
said portion of said first protected information. 

84. A data processing arrangement as in claim 82 in which: 

• said third rule set includes at least one rule from said first rule 
set. 

85. A method comprising the following steps: 

• creating a first secure container comprising a first rule set 
and first protected information; 

• storing said first secure container in a first memory; 

• creating a second secure container comprising a second rule 
set; 

• storing said second secure container in a second memory; 

• copying or transferring at least a first portion of said first 
protected information to said second secure container, said 
copying or transferring step comprising: 

o creating a third secure container comprising a third 
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rule set; 

o copying said first portion of said first protected 
information; 

o transferring said copied first portion of said first 
protected information to said third secure container; 
and 

o copying or transferring said copied first portion of said 
first protected information from said third secure 
container to said second secure container. 

86. A method as in claim 85 wherein said steps of creating said 
second secure container, creating said third secure container, and 
copying said first portion of said first protected information, are 
securely performed by one or more protected processing 
environments. 

87. A method as in claim 85 in which said copied first portion of 
said first protected information consists of the entirety of said first 
protected information. 

88. A method as in claim 85 in which said copied first portion of 
said first protected information consists of less than the entirety of 
said first protected information. 

89. A method as in claim 85 in which 

• said first memory is located at a first site, 

• said second memory is located at a second site remote from 
said first site, and 

• said step of copying or transferring said first portion of said 
first protected information to said second secure container 
further comprises copying or transferring said third secure 
container from said first site to said second site. 

90. A method as in claim 85 in which 

• said first memory and said second memory are located at the 
same site. 

91 . A method as in cl aim 90 in which 

• said first memory comprises first addressable memory 
locations, and 

• said second memory comprises second addressable memory 
locations in the same address space as said first addressable 
memory locations. 

92. A method as in claim 91 in which 

• said first addressable memory locations and said second 
addressable memory locations are located within the same 
physical memory device. 

93. A method as in claim 85 in which 

• said step of copying transferring said copied first portion of 
said first protected information from said third secure 
container to said second secure container further comprises 
storing said third secure container in said second secure 
container. 

94. A method as in claim 85 further comprising: 

• creating a fourth rule set. 
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95. A method as in claim 94 further comprising: 

• using said fourth rule set to govern at least one aspect of use 
of said copied first portion of said first protected information. 

96. A method comprising performing the following steps within a 
virtual distribution environment comprising one or more electronic 
appliances and a first secure container, said first secure container 
comprising a first control set and first protected information: 

• using at least one control from said first control set to govern 
at least one aspect of use of said first protected information 
while said first protected information is contained within said 
first secure container; 

• creating a second secure container comprising a second 
control set for governing at least one aspect of use of 
protected information contained within said second secure 
container; 

• incorporating a first portion of said first protected information 
in said second secure container, said first portion made up of 
some or all of said first protected information; 

• using at least one control to govern at least one aspect of use 
of said first portion of said first protected information while 
said first portion is contained within said second secure 
container; and 

• incorporating said second secure container containing said 
first portion of said first protected information within a third 
secure container comprising a third control set. 

97. An electronic appliance comprising: 

• a memory storing: 

o a first secure container comprising a first rule set and 

first protected information, and 
o a second secure container comprising a second rule 

set; 

• a secure processing unit comprising: 

o means for creating a third secure container comprising 
a third rule set, said means further comprising: 

■ means for copying and/or removing at least one 
rule from said first rule set; and 

■ means for incorporating said at least one rule in 
said third rule set; 

o means by which at least one rule from said first rule 

set governs, at least in part, said means for creating 

said third secure container; 
o means for extracting at least a first portion of said first 

protected information from said first secure container; 
o means for copying or transferring said first portion of 

said first protected information from said first secure 

container to said third secure container; 
o said means for transferring operating at least in part 

under the control of said first rule set and/or said third 

rule set; and 

o means for incorporating said third secure container 
within said second secure container. 

98. A method as in claim 1 further comprising 

• calling a method to govern, at least in part, the creation of 
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said second set of controls. 

99. A method as in cl aim 1 in which said first protected content file 
includes attribute data. 

100. A method as in claim 2 in which said first protected content 
file includes classification data. 

101 . A method as in claim 3 in which said first protected content 
file comprises attribute data. 
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